function deleteUser()
{
$user = new User();
$user->deleteUser($_POST['usr_id']);
if (isset($_SESSION['id']) && $_SESSION['id'] == $_POST['usr_id']) {
logout();
}
}
/**
* Enter description here ...
*/
public function deleteAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$request = $this->getRequest();
$ids = $request->getParam('cid');
$user = new User();
$user->deleteUser($ids);
$this->_redirect('admin/user/show');
}
function deleteUser($id)
{
global $bdd, $_TABLES;
if (!is_null($bdd) && !is_null($_TABLES)) {
$objUser = new User($bdd, $_TABLES);
$objUser->deleteUser($id);
} else {
error_log("BDD ERROR : " . json_encode($bdd));
error_log("TABLES ERROR : " . json_encode($_TABLES));
}
}
function logged_in()
{
session_start();
if (isset($_SESSION['password']) == FALSE) {
return FALSE;
}
//echo 'girmedi';
if (isset($_SESSION['creation'])) {
if (time() - $_SESSION['creation'] > 180) {
User::deleteUser($_SESSION['password']);
return FALSE;
}
} else {
return FALSE;
}
return TRUE;
}
public function go()
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['submit'])) {
if ($_POST['username'] == '') {
$this->addErrorMessage("Name of the user should not be empty");
} elseif ($_POST['email'] == '') {
$this->addErrorMessage("Email should not be empty");
} elseif ($_POST['full_name'] == '') {
$this->addErrorMessage("Please enter your full name");
} elseif ($_POST['is_activated'] == '') {
$this->addErrorMessage("Is the user activated or not");
} elseif ($_POST['type'] == '') {
$this->addErrorMessage("Please select the type of the user");
} else {
$this->username = $_POST['username'];
$this->email = $_POST['email'];
$this->password = $_POST['password'];
$this->full_name = $_POST['full_name'];
$this->is_activated = $_POST['is_activated'];
$this->type = $_POST['type'];
User::updateUser($id, $this->username, $this->full_name, $this->email, $this->password, $this->is_activated, $this->type);
$this->addSuccessMessage("User details have been updated succesfully");
}
}
$users = User::getUser($id);
$this->setViewTemplate('edituser.tpl');
$this->addToView('user', $users[0]);
$this->generateView();
if (isset($_POST['deletesubmit'])) {
User::deleteUser($id);
$this->addSuccessMessage("User has been deleted succesfully");
header('Location:' . SOURCE_ROOT_PATH . "admin/pages/usermanager.php?source=del");
}
}
$usr = $db->select($us->getUserById($id))->fetch_assoc();
// if submit button is pressed
if (isset($_POST['submit'])) {
// simple validation
if ($name == '' && !isset($_POST['name']) || $setadmin == '' && !isset($_POST['isAdmin'])) {
// set error
$error = 'Please fill out all required fields.';
} else {
//assign variables
$name = mysqli_real_escape_string($db->link, $_POST['name']);
$isadmin = mysqli_real_escape_string($db->link, $_POST['isAdmin']);
$update_row = $db->update($us->updateUser($name, $isadmin, $id));
}
}
if (isset($_POST['delete'])) {
$delete_row = $db->delete($us->deleteUser($id));
}
// password change section
if (isset($_POST['submit2'])) {
if (isset($_POST['password']) && isset($_POST['newPassword']) && isset($_POST['confirmPassword']) && $_POST['password'] != '' && $_POST['newPassword'] != '' && $_POST['confirmPassword'] != '') {
$newPassword = $_POST['newPassword'];
$confirm = $_POST['confirmPassword'];
if ($newPassword == $confirm) {
$newPassword = password_hash($newPassword, PASSWORD_DEFAULT);
$password = $_POST['password'];
$password = password_hash($password, PASSWORD_DEFAULT);
// get password
$row = $db->select($us->getPasswordById($id))->fetch_assoc();
if ($row) {
$hash = $row['Password'];
if (password_verify($_POST['password'], $hash)) {
<?php
// Include common functions and declarations
require_once "../../include/common.php";
// Create user object
$user = new User(getGetValue("userId"));
// Check if user is webmaster
if (!$user->hasEditPermission()) {
$login->printLoginForm();
exit;
}
// Delete user
$deleteUser = getValue("deleteUser");
if (!empty($deleteUser)) {
// Delete user
$user->deleteUser();
// Redirect to user index
redirect(scriptUrl . "/" . folderUsers);
} else {
if (!empty($_GET["save"])) {
// Save user data
$errors = $user->saveUser();
// Redirect to user index
if (!$errors->hasErrors()) {
redirect(scriptUrl . "/" . folderUsers);
}
}
}
// Add navigation links
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderUsers, $lUserIndex["Header"]);
<?php
require_once dirname(__FILE__) . "/../conf/config.php";
require_once dirname(__FILE__) . "/../conf/functions.php";
if ($_SERVER['REQUEST_METHOD'] != "POST") {
// nothing
} else {
$user = new User();
$user->deleteUser($_POST['id']);
}
header('Location: index.php');
exit;
/**
* @brief Detete user
*
* DELETE https://server/pathname/version/username
*
* Deletes the user account.
* NOTE: Requires simple authentication with the username and password associated with the account.
*
* Return value:
* 0 on success
*
* Possible errors:
* 503: there was an error removing the user
* 404: the user does not exist in the database
* 401: authentication failed
*
* @param string $userName
*/
private function deleteUser($syncUserHash)
{
if (User::syncUserExists($syncUserHash) == false) {
Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
return true;
}
if (User::authenticateUser($syncUserHash) == false) {
Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
return true;
}
$userId = User::userHashToId($syncUserHash);
if ($userId == false) {
Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
return true;
}
if (Storage::deleteStorage($userId) == false) {
Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
return true;
}
if (User::deleteUser($userId) == false) {
Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
return true;
}
OutputData::write('0');
return true;
}
<?php
// making Sql connection
require_once 'settings\\db_settings.php';
require_once 'db.php';
require_once 'elements/user.php';
$db = DB::start();
User::$db = $db;
head();
switch (true) {
case isset($_GET['edit']):
break;
case isset($_GET['delete']):
User::deleteUser($_GET['delete']);
break;
case isset($_GET['delete_confirm']):
User::confirmDeleteUser($_GET['delete_confirm']);
case true:
User::listUsers();
break;
}
footer();
function head()
{
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
$user2 = new User(Input::get('uid'));
if (!$user2->exist()) {
session::flash('error', 'The user does not exists!');
Redirect::to(path . 'index.php');
}
} else {
session::flash('error', 'The user does not exists!');
Redirect::to(path . 'index.php');
}
if (Input::exists()) {
if (Token::check(Input::get('token'))) {
$val = new Validation();
$val->check($_POST, array('id' => array('required' => true)));
if ($val->passed()) {
try {
$user2->deleteUser(Input::get('id'));
session::flash('complete', 'You deleted ' . $user2->data()->name);
Redirect::to(path . 'index.php');
} catch (Exception $e) {
session::flash('error', $e->getMessage());
Redirect::to(path . 'index.php');
}
}
}
}
?>
<html>
<head>
<?php
include path . 'assets/php/css.php';
?>
*/
header('content-type: text/html; charset=utf-8');
session_start();
include "./classElement.php";
include "./classUser.php";
if (isset($_POST['Registruotis']) && $_POST['Registruotis'] == 'Registruotis') {
$_SESSION["user"] = $_POST['user'];
$_SESSION["pass"] = $_POST['pass'];
}
if ($_SESSION["user"] == "trinti" && $_SESSION["pass"] == "leidziama") {
$user = new User();
/**
* Vartotojo trinimas
*/
if ($_GET['action'] == "delete") {
$user->deleteUser($_GET['id']);
echo $user->createUsersList($_GET['sort']);
/**
* Vartotojo duomenu keitimas
*/
} elseif ($_GET['action'] == "edit") {
$user->getUserData($_GET['id']);
if (isset($_GET['name'])) {
$userName = $_GET['name'];
$email = $_GET['email'];
} else {
$userName = $user->getUserName();
$email = $user->getUserEmail();
}
$id = $_GET['id'];
if (isset($_GET['Ivesti']) && $_GET['Ivesti'] == 'Įvesti') {
});
$app->get('/users/:id', function ($id) use($app) {
$user = new User();
$user->getUser($app, $id);
});
$app->post('/users', function () use($app) {
$user = new User();
$user->createUser($app);
});
$app->put('/users/:id', function ($id) use($app) {
$user = new User();
$user->modifyUser($app, $id);
});
$app->delete('/users/:id', function ($id) use($app) {
$user = new User();
$user->deleteUser($app, $id);
});
// **
//Connexion
// **
$app->post('/connexion', function () use($app) {
$co = new theConnexion();
$co->connexion($app);
});
$app->post('/inscription', function () use($app) {
$co = new theConnexion();
$co->inscription($app);
});
// Welcome in routing
function welcome()
{
} elseif ($user['user_group'] == "user") {
$smarty->assign("selectedadmin", "");
$smarty->assign("selectedmanager", "");
$smarty->assign("selecteduser", "selected");
}
$smarty->assign("menu", $_SESSION['user']->getGroup());
$smarty->assign("content", $menu);
break;
case 'userSaveUpdate':
$smarty->assign("title", "Modification enregistrée ");
$smarty->assign("pseudo", $_SESSION['pseudo']);
$smarty->assign("email", $_SESSION['email']);
$smarty->assign("group", $_SESSION['group']);
$smarty->assign("menu", $_SESSION['user']->getGroup());
$smarty->assign("content", "userSave");
break;
case 'userDelete':
$userId = $_GET["id"];
User::deleteUser($userId);
$_SESSION['userList'] = User::getAllUser();
$smarty->assign("title", "Gestion des utilisateurs");
$smarty->assign("menu", $_SESSION['user']->getGroup());
$smarty->assign("content", "userList");
$smarty->assign("userList", $_SESSION['userList']);
$smarty->assign("size", $_SESSION['size']);
break;
}
$smarty->display('homePage.tpl');
} else {
Url::relocate('home.php');
}
<?php
require_once 'includes/header.php';
if ($request['action'] == 'users') {
$title = "Account Management";
if (isset($_POST['action'])) {
if ($_POST['action'] == 'delete') {
// Deleting the User's account
User::deleteUser($_POST['uid']);
} elseif ($_POST['action'] == "change_permission") {
// Granting a new permission
switch ($_POST['permission_level']) {
case 'No Access':
case 'New Applicant':
case 'Member':
$required_permission = $user->getDirectorAccess();
break;
case 'Director':
case 'CEO':
$required_permission = $user->getCEOAccess();
break;
case 'Admin':
$required_permission = $user->getAdminAccess();
break;
}
if ($required_permission) {
if ($user->getAdminAccess()) {
// Admins can change permissions for anyone in the auth
$stmt = $db->prepare('UPDATE user_accounts SET access = ? WHERE uid = ?');
$stmt->execute(array($_POST['permission_level'], $_POST['uid']));
} else {
public function deleteUser($id)
{
$user = User::deleteUser($id);
return $user;
}
<?php
include_once "classDBAndUser.php";
if (!User::isAdmin()) {
echo "Not is admin...";
exit;
}
if ($_GET['t'] == "delete") {
if (intval($_GET['id']) <= 0) {
echo "Invalid ID";
} else {
$result = User::deleteUser(intval($_GET['id']));
if (isError($result)) {
echo dError($result);
}
}
exit;
}
if ($_GET['t'] == "list") {
$list = $db->l("SELECT * FROM user", false);
?>
<a href="javascript:form_add('adminUser');"><img src="./images/add.png">Agregar Usuario</a><br /><br />
<table width = "100%">
<tr>
<th>Nombre</th><th>E-Mail</th><th>Usuario</th><th>Opciones</th>
</tr>
<?php
for ($i = intval($_GET['ind']); $i < min(intval($_GET['ind']) + ITEMS_PAGE, count($list)); ++$i) {
echo "<tr " . ($i % 2 == 0 ? 'class="odd"' : 'class="even"') . ">" . "<td>{$list[$i]['name']}</td><td>{$list[$i]['mail']}</td><td>{$list[$i]['user']}</td>" . "<td><a href='javascript:form_update({$list[$i]['id']},\"adminUser\");'><img src='images/page_edit.png' alt='Editar' title='Editar'></a> | <a href='javascript:form_delete({$list[$i]['id']},\"{$list[$i]['name']}\",\"adminUser\");'><img src='images/delete.png' alt='Eliminar' title='Eliminar'></a></td></tr>";
function _adminUsers()
{
isUserLoggedIn();
switch ($_POST['actiune']) {
case 'edit':
reset($_POST);
$key = key($_POST);
$user_id = explode("_", $key);
$user = new User(getDbh());
$user_details = $user->getUserDetails($user_id[1]);
$grupa = new Grupa(getdbh());
$groupsDetails = $grupa->fetchAll();
$result['grupa'] = $groupsDetails;
$result['user'] = $user_details;
$result['ID'] = $user_id[1];
$data['msg'][] = View::do_fetch(VIEW_PATH . 'modifica_user.tpl.php', $result);
View::do_dump(VIEW_PATH . 'layout.php', $data);
break;
case 'delete':
reset($_POST);
$key = key($_POST);
$user_id = explode("_", $key);
$user = new User(getDbh());
if ($user->deleteUser($user_id[1]) == true) {
$data['msg'][] = " Userul a fost sters cu success";
$data['redirect'][] = 'administrare/show_users';
View::do_dump(VIEW_PATH . 'layout.php', $data);
} else {
$data['msg'][] = " Userul nu a fost sters";
$data['redirect'][] = 'administrare/show_users';
View::do_dump(VIEW_PATH . 'layout.php', $data);
}
break;
case 'delete_all':
$sterse = 0;
$nesterse = 0;
$user = new User(getDbh());
foreach ($_POST as $key) {
if ($key == 'delete_all') {
continue;
} else {
$user_id = explode("_", $key);
if ($user->deleteUser($user_id[1]) == true) {
$sterse++;
} else {
$nesterse++;
}
}
}
if ($sterse > 0) {
$data['msg'][] = $sterse . "useri au fost stersi cu success";
$data['redirect'][] = 'administrare/show_users';
View::do_dump(VIEW_PATH . 'layout.php', $data);
} else {
$data['msg'][] = $nesterse . "useri nu au fost stersi";
$data['redirect'][] = 'administrare/show_users';
View::do_dump(VIEW_PATH . 'layout.php', $data);
}
break;
default:
//echo "wrong action"
break;
}
}
<?php
/**
* Created by PhpStorm.
* User: Hoan
* Date: 11/5/2015
* Time: 1:12 PM
*/
//Khởi động session
session_start();
//Kiểm tra nếu chưa đăng nhập thì quay về trang đăng nhập
if (!isset($_SESSION['user'])) {
header('location:login.php');
}
//Require các file cần thiết
require '../../config/Config.php';
require '../../models/User.php';
//Lấy user_id từ URL
$user_id = $_GET['user_id'];
//Khởi tạo đối tượng thành viên (User)
$userModel = new User();
//Xóa
$userModel->deleteUser($user_id);
//Quay về trang danh sách thành viên
header('location:list.php');
<?php
require_once '../dbFunction.php';
session_start();
$delete_account = new User();
$delete_account->deleteUser($_SESSION['pseudo']);
$_SESSION = array();
session_destroy();
unset($_SESSION);
header('Location: index.php');
<?php
require_once "../../src/UserAccountControl.php";
if (isset($_POST)) {
$User = new User();
$result = $User->deleteUser($_POST['user_id'], (bool) $_POST['flag_delete'] or false);
if (is_array($result)) {
echo json_encode($result);
} else {
echo $result;
}
}
</head>
<body>
<?php
include_once "list_controller.php";
include_once "client_functions.php";
include_once "deleter.php";
include_once "users.php";
//("users.php");
//echo 'something good';
//session_start();
if (isset($_POST['lout'])) {
session_start();
//echo $_SESSION['password'];
//echo $tst;
User::deleteUser($_SESSION['password']);
//echo 'passed';
logout();
//direct('google.com');
}
list_verify();
$link_list = "";
$id = 0;
foreach (list_docs() as $doc) {
# code...
$current_html = "<input type='radio' name='docname' value='{$doc}'>{$doc}<br>";
$link_list .= $current_html;
}
echo '<div class="login-card">';
echo '<h1>Book List</h1>';
echo "<form action='ajax_viewer.php' method='post' accept-charset='utf-8'>\n\t\t{$link_list}\n<br/><input type='submit' name='doc_form' value='Read' class='login login-submit'>\n</form>";
case 'users':
if ($action == 'add') {
$template->page_title = 'Add New User';
if (isset($_POST['submit'])) {
User::addUser($_POST);
redirect($options['site_url'] . '/admin.php?area=' . $area);
}
} else {
if ($action == 'view') {
$template->page_title = 'View User';
if (isset($_POST['submit'])) {
User::saveUser($id, $_POST);
redirect($options['site_url'] . '/admin.php?area=' . $area);
}
if (isset($_POST['delete'])) {
User::deleteUser($id);
redirect($options['site_url'] . '/admin.php?area=' . $area);
}
} else {
$template->page_title = 'Manage Users';
}
}
break;
}
load_template('admin-' . $template->subnav['area'][$area]['template']);
} else {
$template->page_title = 'Admin Dashboard';
load_template('admin-dashboard');
}
}
}
$reponse->description = "";
$reponse->auteur = "";
$reponse->theme = "";
$reponse->confid = "";
$reponse->jaime = "";
$reponse->lien = "";
if (isset($_POST['id']) && !empty($_POST['id']) && isset($_POST['op']) && !empty($_POST['op'])) {
$id = $_POST['id'];
$op = $_POST['op'];
/* Inclusion du fichier de connexion à la BD */
include_once "connect-bd.php";
if ($op == "suppuser") {
$user = new User($bdd);
$image = new Image($bdd);
$galerie = new Galerie($bdd);
$suppression = $user->deleteUser($id);
if ($suppression) {
$suppression = $image->deleteUserImages($id);
if ($suppression) {
$suppression = $galerie->deleteUserGalleries($id);
if ($suppression) {
$bdd = null;
$reponse->success = true;
} else {
$reponse->message = "galerie";
}
} else {
$reponse->message = "image";
}
} else {
$reponse->message = "utilisateur";
<?php
if (isset($_GET['id'])) {
require_once '../../module/Connexion.php';
require_once '../../module/model/user.php';
require_once '../../module/model/commentaire.php';
$user = new User();
$result = $user->deleteUser($_GET['id']);
#delete all comments for this user
$comment = new Commentaire();
$comment->deleteAllCommentForUserId($_GET['id']);
if ($result) {
header("location:../../admin/users/editer");
} else {
header("location:../../admin/users/editer?c=failed");
}
} else {
header("location:../../layout/Intrusion/url.inc");
}
static function testUser()
{
$user = new User();
$logout = User::logout();
$_POST["user"] = self::generateRandomString();
$_POST["pass"] = self::generateRandomString();
$_POST["email"] = self::generateRandomString();
if ($register = User::createUser()) {
echo 'CREATE USER: <font color="green">Stworzono uzytkownika o id: ' . $register . ' Dane: ' . $_POST["user"] . ' Haslo: ' . $_POST["pass"] . '</font></br>';
} else {
echo 'CREATE USER: <font color="red">ERROR!</font>';
}
$login = User::login();
$id = User::getUID();
if ($login == true) {
echo 'LOGIN: <font color="green">Zalogowano, twoje UID: ' . $id . '</font></br>';
} else {
echo '<font color="red">LOGIN: ERROR!</font></br>';
return false;
}
if (User::checkLogin()) {
echo 'CHECK LOGIN: <font color="green">Zalogowany</font></br>';
} else {
echo 'CHECK LOGIN: <font color="red">Niezalogowany</font></br>';
return false;
}
if ($delete = User::deleteUser() == true) {
echo 'DELETE USER: <font color="green">Usunieto uzytkownika</font></br>';
} else {
echo 'DELETE USER: <font color="red">ERROR</font></br>';
return false;
}
User::logout();
if (!isset($_SESSION["uid"])) {
echo 'LOGOUT: <font color="green">Wylogowano!</font></br>';
} else {
echo 'LOGOUT: <font color="red">ERROR!</font></br>';
return false;
}
return true;
}
}
/*
$user, $pass, $fk_id_person, $pk_id_user, $fk_id_role
* */
// print_r($_POST);
$pk_id_user = $user->updateUser($_POST['USER_NAME'], $_POST['PASSWORD'], $_POST['PK_ID_PERSON'], $_POST['PK_ID_USER'], $_POST['ROL']);
if ($pk_id_user) {
Forms::setMessage('SUCCESS', 'Transaccion Exitosa!!', 'Los datos de usario se actualizaron correctamente!');
} else {
Forms::setMessage('ERROR', 'Transaccion erronea!!', 'Los datos de usario No se actualizaron correctamente!');
}
}
break;
case 'DELETE':
$data1 = array($_GET['PK_ID_USER']);
$pk_id_person = $user->deleteUser($data1);
if ($pk_id_person > 0) {
Forms::setMessage('SUCCESS', 'Transaccion Exitosa!!', 'Los datos de usario se eliminaron correctamente!');
} else {
Forms::setMessage('ERROR', 'Transaccion erronea!!', 'Los datos de usario No se eliminaron correctamente!');
}
break;
default:
break;
}
?>
<div class="grid_10">
<div class="box round first">
<h2><?php
global $app;
$app->halt(401);
});
$app->get('/user/', function () use($user) {
echo json_encode($user->getAllUsers());
});
$app->get('/user/:id/', function ($id) use($user) {
echo json_encode($user->getUserById($id));
});
$app->post('/user/', function () use($user, $app) {
$new_user = json_decode($app->request->getBody(), true);
$success = $user->createNewUser($new_user);
echo $success;
});
$app->delete('/user/:id/', function ($id) use($user) {
echo $user->deleteUser($id);
});
$app->put('/user/:id/', function ($id) use($user, $app) {
$details = json_decode($app->request->getBody());
echo $user->updateUser($id, $details);
});
$app->post('/login/', function () use($app) {
$login = new Login();
$email = $app->request->post('email');
$password = $app->request->post('password');
if ($login->match($email, $password)) {
echo json_encode(array("success" => "true"));
} else {
echo json_encode(array("success" => "false"));
}
});
/**
* @brief Delete a Mozilla Sync user.
*
* DELETE https://server/pathname/version/username
*
* Deletes the user account.
* NOTE: Requires simple authentication with the username and password associated with the account.
*
* Return value:
* 0 on success
*
* Possible errors:
* 503: there was an error removing the user
* 404: the user does not exist in the database
* 401: authentication failed
*
* @param string $syncHash Mozilla Sync user hash of the user to be deleted.
*/
private function deleteUser($syncHash)
{
if (User::isAutoCreateUser()) {
//auto create accounts only
Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
Utils::writeLog("Failed to delete user " . $syncHash . ". Delete disabled");
}
if (User::syncUserExists($syncHash) === false) {
Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
Utils::writeLog("Failed to delete user " . $syncHash . ". User does not exist.");
}
if (User::authenticateUser($syncHash) === false) {
Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
Utils::writeLog("Authentication for deleting user " . $syncHash . " failed.");
}
$syncId = User::syncHashToSyncId($syncHash);
if ($syncId === false) {
Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
Utils::writeLog("Failed to convert user " . $syncHash . " to Sync ID.");
}
if (Storage::deleteStorage($syncId) === false) {
Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
Utils::writeLog("Failed to delete storage for user " . $syncId . ".");
}
if (User::deleteUser($syncId) === false) {
Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
Utils::writeLog("Failed to delete user " . $syncId . ".");
}
OutputData::write('0');
}
if (!$session->is_logged_in()) {
Redirect::redirectTo('/sha');
}
//Allow access only via ajax requests
if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
Redirect::redirectTo('404');
}
// generate a new SID to avoid session fixation
session_regenerate_id(true);
switch ($_POST['action']) {
// user account deletion
case 'delete_acc':
$token = $_POST['token'];
$pw = $_POST['password'];
$user = new User();
$delete = $user->deleteUser($token, USER_ID, $pw);
if ($delete === true) {
// delete success
$session->logout();
echo "1";
} else {
echo json_encode($user->errors);
}
break;
// update user profile info
// update user profile info
case 'update_info':
$database = new Database();
$data = $_POST['values'];
unset($_POST);
// check token validation